Displaying 20 results from an estimated 4000 matches similar to: "Kerberos Principal"
2016 Feb 23
0
Kerberos Principal
You mean something like :
Create a user for a service.
samba-tool user create squid-proxy --description="Unprivileged user for SQUID-Proxy Services" --random-password
Disable password expiry.
samba-tool user setexpiry squid-proxy --noexpiry
setting HTTP SPN on the proxy user (proxy1)
samba-tool spn add HTTP/proxy1.internal.domain.tld squid-proxy
samba-tool spn add
2017 Jan 20
3
how to run ktpass with a Samba AD DC?
I was trying to get authentication via kerberos working but I'm having
trouble trying to run ktpass as in step 6 here
http://robertan.com/home/2015/01/14/kerberos-auth-with-apachephp/
ktpass -princ HTTP/contoso.com at CONTOSO.COM -mapuser
CONTOSO\<USERNAME> -crypto all -ptype KRB5_NT_PRINCIPAL -pass
<PASSWORD> -out webpage.HTTP.keytab
I'm not sure of the
2013 Apr 29
3
ktpass.sh error / How to generate a keytab for a new service (apache) with SAMBA4?
Hi,
I was trying to get a new keytab in samba4 for my apache service. So I
tried the following command:
sh ktpass.sh --out /etc/apache.keytab --princ
HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN --pass VerySecure123 --enc
des-cbc-md5
I get the following error: Unable to find kvno for principal
HTTP/myhost.samba.my.domain at SAMBA.MY.DOMAIN
Am I doing something wron or shouldn't I be
2016 Jun 27
3
Looking for GSSAPI config [was: Looking for NTLM config example]
Hi,
On 27-06-2016 08:58, Mark Foley wrote:
> So, I'm apparently lacking in the kerberos stuff. Here's the problem -- Samba4 uses Heimdal
> Kerberos and when I provisioned my domain apparently none of these needed kerberos files were
> set up. I can, however, kerberos authenticate from domain workstations both WIN7 and Linux.
You don't need any Samba4 stuff, to get it
2009 May 04
2
bad encryption type in AD domain authentication
Hello,
I'm trying to access a samba share using an ADS user credentials. I always
get an error, and the debug traces (log level = 5) are giving me the output
in the follow.
I have searched the samba ML archives, and I have found the thread
http://lists.samba.org/archive/samba/2004-April/084545.html
but, before asking the system admin to apply the eventual KB fixes, I would
like to know if the
2004 Mar 16
3
samba 3, ADS, kerberos, keytab problem - Additional pre-authentication required
Hello List,
I am (unsuccessfully) trying to automatically get a valid kerberos
ticket for my linux box. I have - in a test environment:
- a windows 2000 server with Active directory and DNS properly set up.
- a suse linux 9.0 router with samba3.0.2.rc.1 and heimdal 0.6.-67.
- I am able to join the domain and get a valid ticket through kinit, if
I enter the Administrator's password or the
2016 Sep 16
2
Exporting keytab for SPN failure
Am 16.09.2016 um 22:49 schrieb Rowland Penny via samba:
> On Fri, 16 Sep 2016 22:43:42 +0200
> Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>>
>> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba:
>>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
>>>>
>>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via
2016 Sep 16
6
Exporting keytab for SPN failure
Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba:
> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
>>
>>
>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
>>> On Wed, 14 Sep 2016 16:23:27 -0500
>>> Michael A Weber via samba <samba at lists.samba.org> wrote:
>>>
>>>>> On Sep 14, 2016, at 2:00 PM, Achim
2016 Aug 29
5
set UPN / SPN from samba-tool.
Hai
After my squid group adventure, i have a remaining question here.
The problem was as followed. ( and this probely dont applie to squid kerberos helpers only. )
samba-tool setup for squid i used, was as followed.
samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password
samba-tool user setexpiry
2016 Dec 29
3
Error with samba update in debian.
no thats not it
samba-tool does not set upn but msktutil does set the upn.
So an option for samba-tool to set upn would be nice...
Greetz
Louis
> Op 28 dec. 2016 om 18:38 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven:
>
> On Wed, 28 Dec 2016 17:05:39 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
2006 Jul 13
2
Kerberos Keytab Code Update in 3.0.23
First thing - I'd like to say a big "THANK YOU" to the developers.
I just upgraded to samba-3.0.23 and I've noticed an alarming issue with
respect to my configuration.
I've been using the built-in keytab management and it looks like the updated
code no longer creates the userPrincipal in Active Directory.
Whether this is an issue for others or not, it would be nice to have
2015 Feb 13
1
Samba4 kinit issue with principal and keytab file
Hi Rowland,
Hi looks like the "-c" option is optional.
My
problem is not really the kerberos cache file, but the "principal"
linked to the user kerbuser.
The principal is
HTTP/webserver.MYDOMAIN.LOCAL at MYDOMAIN.LOCAL
I would like to use kinit
and give this principal as parameter. something like :
> kinit -k -t
/root/my.keytab HTTP/webserver.MYDOMAIN.LOCAL at
2016 Sep 15
3
Exporting keytab for SPN failure
Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
> On Wed, 14 Sep 2016 16:23:27 -0500
> Michael A Weber via samba <samba at lists.samba.org> wrote:
>
>>> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz>
>>> wrote:
>>>
>>>
>>>
>>> Am 14.09.2016 um 20:33 schrieb Michael A Weber:
>>>>>
2016 Aug 30
2
set UPN / SPN from samba-tool.
2016-08-30 16:10 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Tue, 30 Aug 2016 15:58:13 +0200
> mathias dufresne via samba <samba at lists.samba.org> wrote:
>
> > And reading last mails comforts me in believing the filter used by
> > client side to retrieve user is not correct, that filter should use
> > SPN then you won't need to
2017 May 22
4
Problems with Samba 4.6.3 Authentication
Hi,
I have posted the following message to Squid-Users forum (
squid-users at lists.squid-cache.org).
"I have migrated of Samba 4.2.1 to Samba 4.6.3 as DC, but now my Squid
authentication doesn't work.
In samba 4.2.1 is working properly.
This is my authentication block:
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b
DC=empresa,DC=com,DC=br -D
2016 Sep 16
1
Exporting keytab for SPN failure
Am 16.09.2016 um 22:54 schrieb Robert Moulton via samba:
> Achim Gottinger via samba wrote on 9/16/16 1:43 PM:
>>
>>
>> Am 16.09.2016 um 22:00 schrieb Robert Moulton via samba:
>>> Achim Gottinger via samba wrote on 9/15/16 1:20 AM:
>>>>
>>>>
>>>> Am 15.09.2016 um 09:35 schrieb Rowland Penny via samba:
>>>>> On Wed,
2016 Aug 30
2
set UPN / SPN from samba-tool.
And reading last mails comforts me in believing the filter used by client
side to retrieve user is not correct, that filter should use SPN then you
won't need to set up SPN into UPN field.
2016-08-30 15:55 GMT+02:00 mathias dufresne <infractory at gmail.com>:
> Hi Louis,
>
>
> 2016-08-29 16:18 GMT+02:00 L.P.H. van Belle via samba <
> samba at lists.samba.org>:
>
2015 Aug 05
5
LDAP bindpw password
Hi.
I'm using Samba 4 on two Zentyal servers as Domain Controller and now
I have to authenticate some services to it (Apache and PAM in
particular).
The LDAP integration asks me for a LDAP bind password, but I cannot
find out where it is on Zentyal.
Is there a way to check (or change it) directly on Samba 4?
Or is it preferable to authenticate against Active Directory or Kerberos?
Thank you
2016 Sep 14
2
Exporting keytab for SPN failure
> On Sep 14, 2016, at 2:00 PM, Achim Gottinger <achim at ag-web.biz> wrote:
>
>
>
> Am 14.09.2016 um 20:33 schrieb Michael A Weber:
>>
>>> On Sep 14, 2016, at 1:10 PM, Achim Gottinger <achim at ag-web.biz <mailto:achim at ag-web.biz>> wrote:
>>>
>>>
>>>
>>> Am 14.09.2016 um 19:53 schrieb Michael A Weber:
2013 Jun 05
3
Samba4 and NVSv4
Short story: cannot get Kerberized NFSv4 to work. I've googled a great
deal and cannot find where I have goofed (and there sure is a lot of
misleading and just plain incorrect information out there), so would
appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as
does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not
happy with that. My